FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 310714

This article describes how to use a PID process debugging script to collect debug logs from FortiGate in the event of a scenario where large amounts of memory are consumed by a specific process.

Scope FortiGate.

The script attached to this article is crafted to collect required process PID memory usage to find potential causes of high memory consumption. TAC engineers are likely to request use of this script to collect information for further investigation.


Make the following changes to the script according to environment. The script will prompt the user for a password when it is first run for debug collection.


username = 'admin'          <- Username used to login into FortiGate. Requires a (super_admin) profile.

hostname = 'xx.xx.xx.xx'    <- IP address of the device.

sshport = '22'              <- Change if using a custom SSH port.

dpath = 'C:\Debug'          <- Log file store location.

dprocess = 'node'           <- PID process name to monitor (check using diag sys top).

waittime = '300'            <- Pause duration before the next execution of the command in seconds.

lsize = '10M'               <- Log rotate file size (M = megabyte).

secure = 0                  <- 1: Teraterm will run in background, 0: Show on desktop (default).


Refer to Technical Tip: FortiGate monitoring script for steps on how to run the script and download the TeraTerm installer:


If the secure option is set to '1': when closing the Teraterm macro script, the console will remain open in the background as it was not properly shut down. It can be closed from the task manager or by using the cleanup.ps1 (Powershell script in to close Teraterm.



This script is not compatible with TeraTerm 5.x.